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Apparatxis for Authorisin g Accesg to an Elect:ron±Q Device 



The present invention relates to an apparatus for 
authorising access to an electronic device. 

Third generation mobile communication devices provide the 
facility for users to store a large amount of 
confidential personal information on the device such as 
bank account details, personal contact details and 
calendar, diary entries and other data. Devices are also 
capable of sending e-mails and transmitting documents and 
it is probable that confidential e-mails and documents 
may be stored on the device. Therefore, the contents of 
the user's device may be confidential and a user will 
wish to prevent third parties from accessing them. 

Mobile phone crime is common and the continued reduction 
15 in the size of mobile devices allows them to be easily 
misplaced or inadvertently left in public places. On 
losing a device, a user can advise the network that the 
device has been lost or stolen and the network will 
prevent that device from making or receiving calls. 
However, the network is not able to power down the phone. 
Therefore, the person in possession of the device may 
still access the features and information which is stored 
within the device although they are not able to connect 
to the network. 
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Generally this is a satisfactory solution for the user. 
Known devices contain address books and saved text 
messages and although the loss of .s.uch .information may be 
inconvenient, in general, it is* not ' serious . Therefore, 
when a device is lost or stolen, most .users are more • 
concerned about preventing the use "of the device for 
making calls than the loss df^any personal information 
contained within the device . ' 



- 2 - 

In contrast, third generation systems will regularly 
contain a large amount of confidential personal 
information. The potential loss of the data stored on the 
device is likely to be more distressing to the user than 
5 the inconvenience of replacing the device. In fact, it 
is feasible that thieves may target mobile devices for 
the information stored within them rather than for the 
physical device itself. Users will require confidential 
information stored on the device to be secure and non- 
XO accessible if the device is lost or stolen. 

Commonly used mobile devices provide authenticated access 
to the device through the manual entry of personal 
identification numbers (PINs) . Typically, on power up 
the user will be required to enter a security PIN in 

15 order to gain access to the device. On entering the 

correct PIN the device will attach itself to the network 
and the user may access the features of the device. If 
the PIN is entered incorrectly access to the device is 
denied and, in certain cases, entering an incorrect PIN a 

20 predefined number of times vjill cause the device to 

deactivate. During use, the device may enter sleep mode 
or the keypad may be activated and deactivated by a 
combination of key presses, however, typically there is 
no requirement for further PIN entries and authentication 

25 is only required on power up. 

Some mobile devices provide the facility for the user to 
set further PIN security mechanisms to provide access to 
selected functions of the mobile device. However, 
further PINs are 'rarely activated due to the 
30 inconvenience of executing the manual authorisation 

procedure each time the user wishes to use the restricted 
function. 

In third generation systems, the frequency of access is 
likely to be considerably greater than that of current 
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systems since the user will- use, the device to access non- 
call related features, for example e-mails, stored 
documents or diaries. Therefore, further PIN 
requirements will be more inconvenient for the user. In 
this case,, users are even more unlikely to activate 
further PIN security mechanisms. This will leave users 
•more prone to unauthenticated access to sensitive data. 

Thus, third generation devices will potentially contain a 
large amount of user sensitive data and there is a need 
for increased security on the devices to prevent 
unauthorised access. However, increasing the number of 
-manually entered PiNs or passwords is inconvenient to the 

sear* _ 



user 



Embodiments of the present invention overcome these 
problems by providing authorisation to access the 
electronic device via a series of radio signals between 
the electronic device and a radio module which is paired 
to the device. The module is carried separately from the 
device and, when authorisation is required, the device 
automatically attempts to detect the presence of the 
radio module. 

In order to detect the presence of the module, the device 
transmits a search signal to the module. The radio 
module receives the search signal from the device and 
transmits an authorisation signal in response. On 
receiving, the authorisation signal the electronic device 
provides the user with access to the restricted 
application. if the electronic device does not receive ' 
an authorisation signal from the module, access to the 
electronic device is initially refused and the user may 
be required to provide further authorisation, . for example 
using a PIN, in order to access the restricted 
application. 
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The invention is defined more precisely in its various 
aspects in the appended claims to which reference should 
now be made. 

Embodiments of the present invention will now be 
5 described in detail by way of example with reference to 
the accompanying drawings, in which: 

Figure 1 is a flow diagram showing the authentication 
procedure between an electronic device and a paired radio 
module . 

10 , Figure 2 shows the communication link between the 
electronic device and a radio module. 

Figure 3 is a flow diagram showing the procedure for 
executing a manual authorisation check. 

Figure 4 is a flow diagram showing the procedure for 
15 obtaining access to the device in a preferred embodiment 
of the device. 

Figures 1 and 2 show the authentication procedure between 
the electronic device and the radio module. At 110 the 
device 200 determines whether authorisation is required. 
20 If the application is not required, the user may continue 
use of the device. However, if authorisation is required 
then the device 200 will commence an authorisation check 
with a paired radio module 220 at 120. 

The device executes the authorisation check by 
25 transmitting a search signal 210 to a paired module 220 

at 130. The module receives the search signal at 140 and 
identifies whether the signal was transmitted by the 
electronic device at 150. Typically the electronic 
device will transmit signals on a specific frequency, 
30 however, further embodiments of the invention may include 



other means of identifying that the signal is a search 
signal. If the signal is identified as a search signal 
at 150, the module transmits an authorisation signal 330 
in response at 160. if at 170 the electronic device 
receives the authorisation signal from the module, the 
authorisation is successful at 180. 

If the device does not receive the authorisation signal 
at 170, then the authorisation check has failed at 190. 
Typically a predetermined time period is set within which 
the device expects to receive an authorisation signal. 
This time period is typically fractions of a second and 
will not be perceived by the user. If the authorisation 
signal is not received within this period then the 
authorisation check has failed. if the authorisation 
check has failed at 190, certain embodiments of the 
invention may re-execute an authorisation check by 
transmitting a further search signal at 140. 

In preferred embodiments of the present invention, if the 
radio authorisation check fails then the device may 
execute a manual authentication check in order that the 
user may be provided with a further opportunity to access 
the device. Figure 3 shows the procedure for execution 
of a manual authentication procedure. At 300 the device 
determines whether manual authorisation is required. If 
manual authorisation is required then the device requests 
manual authorisation at 310. Typically the device will 
require a PIN number or password which is entered - via the 
keypad, however further embodiments may include audio 
passwords or other authorisation codes. if the entry is 
correct at 320 then the manual authorisation is 
successful at 330. However, if an incorrect pin is 
provided at 320 then access to the manual authorisation 
has failed at 340. Embodiments of the invention may then 
re-execute the manual authorisation check at 310 for a 
predetermined number of times, in certain embodiments, ' 



if the user makes a predefined nuanber of incorrect 
entries, the device will automatically shut down. 

The radio authentication procedure may be used to 
restrict access to applications, files or functions of 
the device. Restricted applications may include areas of 
memory^ files or software run applications on the 
•electronic device. Furthermore, the making or receiving 
of calls may be restricted- Preferred embodiments can be 
configured by a user and the user can designate that any 
application of the device . requires authentication before 
access to that application is permitted. In other 
embodiments, the device will automatically designate that 
access to applications is restricted. For example, the 
user may select that a restriction be included at power 
up of the device and therefore each time the device is 
powered up the user will not be allowed to proceed to use 
the device until authorisation is provided. 

Apparatus for executing a radio authorisation procedure 
may be incorporated into any electronic device. 
Furthermore, the times at which the authorisation 
procedure is executed and the events which trigger the 
execution of the procedure will vary in the many possible 
embodiments of the invention. A few preferred 
embodiments are now described, however this list is not 
exhaustive. 

In a first preferred embodiment a radio authorisation 
check is made on power up of an electronic device and 
subsequently at each time a new application is selected. 
If the radio authorisation check is successful then 
access to that application is permitted. If radio 
authorisation is not successful then the device will 
require manual authorisation in order that the user may 
be permitted access to the application. 



once the user has successfully gained access to a 
particular application no further radio or manual 
authorisation checks are executed for that application 
while the device remains powered up. However, once the 
device is powered down, the authorisation status of the 
device is reset and an authorisation check will be 
executed again after power up. m this entoodiment, 
authorisation may be required for all application or only 
selected applications. The selected applications may be 
determined by the user, or automatically by the device. 

In a second preferred embodiment the device executes a 
radio authorisation check when the unit is powered up. 
If the radio authorisation is successful, the user is 
permitted use of the device. if the radio authorisation 
check fails after power up the user is required to enter 
a manual authorisation in order to proceed with use of 
the device . 



once access to the device has been obtained the device 
may perform further radio authorisation checks either at 
regular time intervals and/or on selection of a secure 
application. The time periods at which the authorisation 
checks are executed and applications which are secure may 
be determined by the user or configured during 
production . 

The procedure following a radio authorisation check is 
shown in the flow diagram of figuri 4. At 400 the device 
executes a radio authorisation check. if the check is 
successful at 410 use of the device is permitted at 420. 
The authorisation history is then deleted from the memory 
of the device and the authorisation status of the device 
is reset at 430. 

If the radio authorisation check is unsuccessful at 410 
the device determines, at 440, whether correct manual 
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authorisation has been provided since the last reset of 
the authorisation status. If manual authorisation has 
been provided since the last reset then use of the device 
is permitted at 450. However, if manual authorisation 
S has not been provided then manual authorisation is 
requested at 460. If the manual authorisation is 
correctly entered at 470 access is provided at 480. If 
manual authorisation is not correctly entered at 470 then 
access is denied at 490. 

XO Therefore, in the situation when a user powers up his 

mobile telephone out of the range of the radio module he 
will be prompted for manual authorisation in order to 
gain access to the device. If the user correctly 
provides the manual authorisation he is permitted use of 

15 the device- Once the device returns to within the range 
of the module and the device executes a successful radio 
authorisation, the authorisation status of the device 
will be reset. The user will be prompted to enter manual 
authorisation on the next occasion when the radio 

20 authorisation check is unsuccessful. In this embodiment, 
if the device is stolen or misplaced while in the range 
of the radio module then siobsequent use of the device 
outside the range of the module is not permitted until 
correct manual authorisation has been provided. 

25 In a third preferred embodiment a radio authorisation 
check is executed on power up. If the check is 
successful then access is permitted to the unit, however 
if the check is unsuccessful then the user must provide 
correct manual authorisation in order to gain access to 

30 the device. Once access is obtained, the user is 

provided with use of the device. However, the unit 
includes a timer to determine the tdLme period for which 
the device is idle. When the device is idle for a time 
period exceeding a predefined time period the 

35 authorisation status of the device is reset and the next 
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time a key is depressed a radio authorisation check is 
made. 

Further eznbodiments execute radio authorisation checks 
each time an application is selected or periodic 
authorisation checks in order to provide continued use of 
the device. 

Embodiments of the present invention allow a user to 
restrict access to certain applications within a mobile 
communications device. Authentication is provided by an 
exchange of signals between the device and a radio module 
which is paired to the device. . The authorisation is 
provided automatically and the user is not required to 
enter any passwords unless the device is out of range of 
the module. m fact, if the radio authorisation check is 
successful, the user will be unaware that an 
authorisation check has been made. The invention 
provides a user with secure applications within his 
electronic device and, as long as the device is in the 
vicinity of the module, the user will not have the 
inconvenience of manually providing authorisation to 
access the secure application. 

The increasingly widespread use of radio hands free sets 
in particular devices incorporating eg Bluetooth 
technology, enables a separate device to be carried which 
IS distinct from the device. The hands free device is 
unlikely to be lost or stolen with the device and 
therefore, any unauthorised user will not remain in the 
range of the radio device. The user may be provided with 
a small radio device which is dedicated to use with the 
invention or the module may be incorporated any radio 
device Which the user carries on his person. Such a 
device could be kept in a user's wallet or purse or on a 
key-ring. 
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Embodiments of the invention also provide users with 
different levels of security for applications . For 
example, a user may designate that certain applications 
can only be accessed in the presence of a first module. 
5 More sensitive applications might only be accessible in 
the presence of a second module. The user may also have 
the option of not allowing access at all if the required 
module is not present and therefore any radio 
authorisation checks are unsuccessful. 



10 It will be obvious to those skilled in the art that rhe 
present invention is not restricted to use with mobile 
phones- The invention can be applied to any electronic 
device, for example a laptop computer, or personal 
organiser- Furthermore, the invention can be usefully 

15 incorporated into any fixed position electronic device 
for example a personal computer- 
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1. An apparatus for providing access to ah electronic 
device comprising; 

means for requesting access to the electronic 
device, 

means for determining that authorisation is required 
in order that access be provided, 

means for transmitting a search signal upon 
determination that authorisation is required, 

means for receiving an authorisation signal, and 
means for providing access to the electronic device 
in dependence on the received authorisation signal. 

2. An apparatus for providing access to an electronic 
device according to claim 1 further comprising means for 
determining a first time period between transmission of 
the search signal and receipt of the authorisation signal 
wherein access to the electronic device is provided in 
dependence on the first time period being less than a 
first predefined tirtie period. 

20 3. An apparatus for providing access to an electronic 
device according to claim 2 comprising a means to re- 
transmit the search signal if the authorisation signal is 
not received within the first predefined time period. 
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4. An apparatus for providing access to an electronic 
device according to claim 2 or 3 comprising means for 
requesting manual authorisation if the authorisation 
signal is not received within. the first predefined time 
period. 

5. An apparatus for providing access to an electronic 
device according to claim 4 cort^jrising means for 
inputting manual authorisation. 
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6. An apparatus for providing access to an electronic 
device according to claim 5 wherein the manual 
authorisation is a personal identification number. 

7. An apparatus for providing access to an electronic 

5 device according to claim 1, 2^ 3, 4, 5 or 6 in which the 
means for determining that authorisation is required 
performs this function on power up of the device. 

8. An apparatus for providing access to an electronic 
device according to claim 1, 2, 3, 4, 5, 6 or 7 in which 

10 • the means for determining that authorisation is required 
performs this function when access to selected 
applications on the electronic device is requested. 

9. An apparatus for providing access to an electronic 
device according to claim 7 in which the means for 

IS determining that authorisation is required performs this 
function periodically after power up of the device. 

10. An apparatus for providing access to an electronic 
device according to any preceding claim comprising means 
to measure a second time period for which the device has 

20 been idle. 

11. An apparatus for providing access to an electronic 
device according to claim 10 in which the means for 
determining that authorisation is required performs this 
function in dependence on the second time period 

25 exceeding a second predefined time period. 

12. An apparatus for providing access to an electronic 
device according to claim 11 wherein the second 
predefined time period is determined by a user. 

13. An apparatus for providing access to a restricted 
30 application on an electronic device according to any 
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preceding claim wherein the search signal and 
authorisation signal are radio signals. 

14. An apparatus for providing remote authorisation to 
access an electronic device con?jrising; 
5 means for receiving a search signal from the 

electronic device, 

means for transmitting an authorisation signal for 
the electronic device in response to the received search 
signal. 

10 15. An apparatus for providing remote authorisation to 
access an electronic device according to claim 9 wherein 
the search signal and authorisation signal are radio 
signals . 

16. A method for providing access to an electronic 
15 device comprising the steps of; 

requesting access to the electronic device, 
determining that authorisation is required in order 
that access be provided, 

transmitting a search signal upon determining that 
authorisation is required, 

receiving an authorisation signal, and 
providing access to the electronic device in 
dependence on the received authorisation signal. 
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17. A method for providing access to an electronic 
device according to claim 16 including the further step 
of comparing a first time period between the transmission 
of the search signal and the receipt of the authorisation 
signal with a first predefined time period and providing 
access to the electronic device in dependence on the time 
period being less than the first predefined time period. 

18. A method for providing access to an electronic 
device according to claim 17 including the step of re- 
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transmitting the search signal if the authorisation 
signal is not received within the first predefined time 
period. 

19.- A method for providing access to an electronic 
5 device according to claim 17 or 18 including the step of 
requesting manual authorisation if the authorisation 
signal is not received within the first predefined time 
period. 

20- A method for providing access to an electronic 
10 device according to claim 19 wherein the manual 

authorisation is a personal identification number. 

21. A method for providing access to an electronic 
device according to claims 16, 11, 18, 19 or 20 in which 
the step of determining that authorisation is required is 

15 performed on power up of the device. 

22 . A method for providing access to an electronic 
device according to any of claims 16 to 21 in which the 
step of determining that authorisation is required is 
performed when access to selected applications on the 

20 electronic device is requested. 

23. A method for providing access to an electronic 
device according to claim 22 in which the step of 
determining that authorisation is required is performed 
periodically after power up of the device. 

25 24. A method for providing access to an electronic device 
according to any of claims 16 to 23 including the step of 
measuring a second time period for which the electronic 
device has been idle. 

25 . A method for providing access to an electronic 
30 device according to claim 24 in which the step of 
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determining that authorisation is required is performed 
. xn dependence on the second time period exceeding a 
second predefined time period. . 

26. A method for providing access to an electronic 
device according to claim 25 wherein the second 

. predefined time period is determined by the user. 

27. A method for providing access to an electronic 
•device according to any of claims 16 to 26 wherein the 
search signals and authorisation signals are radio 
signals. 

28. A method for providing remote authorisation to 
access to an electronic device comprising the steps of ; 

receiving a search signal, and 
transmitting an authorisation signal for the 
electronic device in response 'to the received search 
• signal . . 

29. A method for providing remote authorisation to 
access an electronic device according to claim 28 wherein 
the search signal and authorisation signal are radio 
signals . . 

3.0. An apparatus for providing access to an electronic 
device substantially as herein described with reference 
to the accompanying figures. 

31. An apparatus for providing remote authorisation to • 
access an electronic device substantially as herein 
described with reference to the accompanying figures. 

32. A method for providing access to an electronic device 
substantially as herein described with reference to the 
accompanying figure:^. 



33. A method for providing remote authorisation to access 
an electronic device siobstantially as herein described 
with ■ reference to the accompanying f igiores . 

34. A system for authorising access to an electronic 
device comprising: 

an electronic device and an electronic module, 
wherein the electronic device comprises 

means for requesting. access to the electronic 
device, 

means for determining thar authorisation is required 
in order that access be provided, 

means for transmitting a search signal upon 
determination that authorisation is 'required, 

means for receiving an authorisation signal, and 

means for providing access to the electronic device 
in dependence on the received authorisation signal, 

and the electronic module comprises, 

means for receiving a search signal from the 
electronic device, 

means for transmitting an authorisation signal for 
the electronic device in response to the received search 
signal. 

35. A method for authorising access to an electronic 
device including the steps of: 

requesting access to the electronic device, 
determining that authorisation is required in order 

to provide access to the electronic device, • 

transmitting a search signal from the electronic 

device upon determining that authorisation is required, 

receiving the search signal at an electronic module, 
transmitting an authorisation signal from the 

electronic module in response to the received search 

signal, 

receiving the authorisation signal at the electronic 
device and 
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providing access to the electronic device in 
dependence on the received authorisation signal. 
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Appajratus for* Authorising Access to an Elecbronxc Device 
Abstract 

Figure 2 

An apparatus for providing access to an electronic device 
5 comprising means for requesting access to the electronic 
device, means for determining that authorisation is 
required in order that access be provided ^ means for 
transmitting a search signal upon determination that 
authorisation is required, means for receiving an 
10 authorisation signal and means for providing access to 
the electronic device in dependence on the received 
authorisation signal. 
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